ES2645954T3 - System and procedure for sending and receiving encoded multimedia content - Google Patents

Abstract

System for sending and receiving encrypted multimedia content, including this system: - a device (6) for disseminating a first encoded multimedia content and then a second encoded multimedia content, the device being able to filter and disseminate the content of a first ECM (Entitlement Control Message) or EMM (Entitlement Management Message) message necessary to decode the first multimedia content according to a first cryptographic procedure, using a first cryptographic key and a first cryptographic algorithm, and to encrypt and disseminate the content of a second ECM or EMM message necessary to decode the second multimedia content according to a second cryptographic procedure, using a second cryptographic key and a second cryptographic algorithm, different from the first cryptographic procedure, - terminals (10-12) suitable for receiving the first and second encoded multimedia content and the first and second ECM or EMM messages, - at least one removable security processor (228) equipped: - of a clamp support (120), - of a nominal electronic chip (230) capable of handling the first ECM or EMM message received by the terminal, this nominal electronic chip being housed without any degree of freedom inside the apprehension holder, and - from at least one emergency electronic chip (231) to replace the nominal chip to handle the second ECM or EMM message received by the terminal (10), the emergency chip (231) being housed, without any degree of freedom, inside the same clamping support as the nominal chip (230), - each electronic chip including an electronic calculator (94 , 100) and a non-volatile read-only memory (96, 102) only accessible by this calculator and each electronic chip being reversibly displaceable, by displacement of the security processor, between a position inserted in it to which the chip is able to communicate with the terminal to receive the ECM and EMM messages to be treated and a withdrawn position in which communication between the chip and the terminal is impossible, containing the non-volatile read-only memory of the first nominal chip secret data necessary to decrypt the content of the first ECM or EMM message encrypted according to the first cryptographic procedure, in which the non-volatile read-only memory of the nominal chip is devoid of second secret data necessary to decrypt the content of the second ECM or EMM message Encryption according to the second cryptographic procedure and the read-only memory (102) of the emergency chip includes the second secret data, and the security processor includes: - an electrical connector (140) that includes electrical contacts (234-241) suitable for contact the corresponding electrical contacts of the terminal in the inserted position to establish an electrical connection to between one of the electronic chips and the terminal, and - a controller (232) that can be sent suitable for tilting from a nominal position in which the electrical contacts of the electrical connector (140) are electrically connected to corresponding terminals (246) of the nominal chip towards an emergency position in which it connects these same electrical contacts to corresponding terminals (250) of the emergency chip, - at least one irreversible switch (254) suitable for tilting only once from an initial position, in which permanently keeps the controller (232) in its nominal position, towards a final position in which the controller is tilted towards its emergency position, the nominal chip being programmed to send the irreversible switch tilt in response to the reception of a activation instruction

Description

5

10

fifteen

twenty

25

30

35

40

Four. Five

fifty

DESCRIPTION

System and procedure for sending and receiving encoded multimedia content

The invention relates to a system and to a procedure for sending and receiving encoded multimedia content as well as a security processor for this system.

The invention applies in particular to the domain of access control for the provision of multimedia payment programs such as pay television.

It is known to disseminate several multimedia contents at the same time. For this, each multimedia content is broadcast on its own channel. The channel used to transmit multimedia content is also known with the term "chain". A channel typically corresponds to a television network. This allows a user to simply choose the multimedia content they wish to view by changing the channel.

In this description, an audio and / or visual content destined to be restored in a directly perceptible and understandable form by a human being is more specifically designated by "multimedia content." Typically, a multimedia content corresponds to a succession of images that form a movie, a television or advertising broadcast. Multimedia content can also be interactive content such as a game.

To protect and subject the display of multimedia content to certain conditions, such as the subscription of a payment subscription for example, multimedia content is disseminated in an encrypted form and not in open. In this description, the channel is called "encoded" when the multimedia content broadcast on this channel is encoded.

More precisely, each multimedia content is divided into a succession of cryptocurrencies. During the duration of a cryptopenode, the conditions of access to the encoded multimedia content remain unchanged. In particular, throughout the duration of a cryptopenode, multimedia content is encoded with the same control word. Generally, the control word goes from one cryptopenode to the other.

In addition, the control word is generally specific to multimedia content, the latter being extracted randomly or pseudo-randomly.

Here, the terms "encode" and "encrypt" are considered synonymous, the same goes for the terms "decode" and "decrypt."

Open multimedia content corresponds to multimedia content before it is encoded. This can be made directly understandable by a human being without having resorted to decoding operations and without having their visualization subjected to certain conditions.

The control words necessary to decode the multimedia contents are transmitted synchronously with the multimedia contents. For this, for example, the control words are multiplexed with the encoded multimedia content.

To protect the transmission of control words, they are transmitted to the terminals in the form of cryptograms contained in ECM messages (Entitlement Control Message). Here, "cryptogram" refers to insufficient information alone to find the control word open. Thus, if the transmission of the control word is intercepted, the only knowledge of the cryptogram of the control word does not allow to find the control word that allows decoding the multimedia content.

To find the control word in open, that is to say the control word that allows to decode directly the multimedia content, this must be combined with a secret information. For example, the cryptogram of the control word is obtained by encrypting the control word in open with a cryptographic key. In this case, the secret information is the cryptographic key that allows to decrypt this cryptogram. The control word cryptogram can also be a reference to a control word stored in a table that contains a multitude of possible control words. In this case, the secret information is the table that associates an open control word to each reference.

The secret information must be preserved in a safe place. For this, it has already been proposed to store the secret information in security processors such as chip cards directly connected to each of the terminals.

On the other hand, multimedia content disseminated on the different channels can be temporarily coordinated among them. For example, the instants of diffusion of multimedia contents are regulated to respect the diffusion schedules indicated on a pre-established program grid. Each terminal on a given channel therefore receives substantially the same multimedia content at the same time. It is said that these multimedia contents are "live" or "linear" streams as the user does not control their moment of transmission.

5

10

fifteen

twenty

25

30

35

40

Four. Five

fifty

In this context, attacks have been developed to allow users to decode multimedia content for those who have not acquired Kcitamente access rights.

For example cryptanalysis methods of a security processor are described in the following article:

Hagai Bar-El, Hamid Choukri, David Naccache, Michael Tunstall, Claire Whelan, "The sorcerer's apprentice Guide to Fault Attacks".

Thus, despite the precautions taken to protect security processors, these are sometimes victims of a successful cryptanalysis. The secret data they include is then known, it is essentially the keys and the cryptographic algorithms used. It is then possible to produce security processors called "pirates" that allow decoding multimedia content without paying subscription.

To combat this problem, known systems for sending and receiving multimedia content include:

- a device for broadcasting a temporary succession of a first encrypted multimedia content. With a second encrypted multimedia content, the device being able to filter the content of a first ECM (Entitlement Control Message) or EMM (Entitlement Management Message) message necessary to decrypt the first multimedia content according to a first cryptographic procedure and to encrypt the content of a second ECM or EMM message necessary to decode the second multimedia content according to a second cryptographic procedure different from the first cryptographic procedure,

- terminals suitable for receiving the first and second encoded multimedia content and the first and second ECM or EMM messages,

- at least one removable security processor equipped with a clamping support and a nominal electronic chip suitable for handling the ECM and EMM messages received by the terminal, this nominal electronic chip being housed without any degree of freedom inside the support of apprehension, including each electronic chip an electronic calculator and a non-volatile read-only memory only accessible by this calculator and each electronic chip being reversibly displaced between an inserted position in which the chip is able to communicate with the terminal to receive the ECM and EMM messages to be treated and a retired position in which communication between the chip and the terminal is impossible, containing the non-volatile read-only memory of the nominal chip first secret data necessary to decipher the content of the first encrypted ECM or EMM message according to the first cryptographic procedure and being devoid of second necessary secret data to decrypt the content of the second ECM or EMM messages encrypted according to the second cryptographic procedure, and

- at least one emergency electronic chip capable of replacing the nominal chip to handle the ECM and EMM messages received by the terminal, including the read-only memory of the emergency chip the second secret data.

The emergency chip is housed in a new security processor that has an identical apprehension support to that in which the nominal chip is mechanically but independent from the first one. Thereafter, in case of successful cryptanalysis, the security processor is hacked, and the operator sends the new security processor to each subscriber, and then the subscriber replaces the old security processor with the new security processor.

This system allows you to replace the secret data contained in the non-volatile read-only memory with other secret data. In addition, the new security processor has different protection mechanisms from the old security processors. System security is then restored as old security processors are no longer usable to decode multimedia content. In effect, in parallel, the second cryptographic procedure is used to encrypt the information contained in the ECM and EMM messages so that these contents are not decipherable more than by the new security processors.

However, this system is impractical because it involves sending each subscriber a new security processor in case of cryptanalysis with success of the nominal chip.

The state of the art is also known for:

- US 5 847 372A,

- US 2002/023963 A1.

- document NL 9301540A - document KR 101017425B1,

- WO 2008/025900 A1.

US 6922780 describes a chip card that has two processors: a nominal processor and a

5

10

fifteen

twenty

25

30

35

40

Four. Five

Emergency processor that can be activated if the nominal processor ceases to function normally. Tipping towards the emergency chip is done by changing the orientation of the card in the receiver.

The invention aims to remedy this problem by proposing a system in which the replacement of the nominal chip by the emergency chip is simpler. Its purpose is therefore an emission and reception system according to claim 1.

In the previous system, the security processor is equipped with two electronic chips from the origin, ie the nominal chip and the emergency chip. Thus, when an electronic chip change is desirable, it is not necessary to send the emergency chip to each subscriber. On the contrary, in the previous system, simply replace the nominal chip with the emergency chip that is already available to the subscriber. Thus, this system allows you to save money from a new security processor that includes the emergency chip.

The fact that the two electronic chips are housed in the same support also allows an apprehension support to be made in relation to the state of the art system.

In addition, the nominal chip and the emergency chip are integral with the same apprehension support so that the risk of losing the emergency chip before it is used is void.

Finally, the change of cryptographic procedure makes the replacement of the nominal chip with the irreversible emergency chip. Indeed, after this replacement, the nominal chip is no longer usable to decode multimedia content.

The invention also has as its object a security processor for the implementation of the previous system.

The embodiments of this security processor may include one or more of the features of the dependent claims.

These embodiments of the security processor also have the following advantages:

- The use of a common electrical connector for the nominal chip and for the emergency chip makes the emergency chip inaccessible while the nominal chip is used, which makes any attempt at cryptanalysis of this emergency chip very difficult before it becomes used;

- the fact that only the nominal chip can tilt the controller towards the emergency position makes access to the emergency chip even more difficult while the nominal chip is used since it is necessary before doing the cryptanalysis of the nominal chip if you want to perform an iffcito tilting towards the emergency position;

- the fact that the instruction of activation of the emergency chip is transmitted in an ECM or EMM message increases the security of the system since the tilting towards the emergency chip can then only be activated from the diffusion device;

- the use of an irreversible switch makes the tilting of the nominal chip towards the emergency chip definitive so that the nominal one can no longer be used;

- the use of a nominal electrical connector and an emergency electrical connector makes it possible to replace the nominal chip with the emergency chip with a simple rotation of the security processor around a revolution symmetry axis;

- the fact that the emergency chip is in a deactivated state before its most difficult use any attempt at cryptanalysis of this emergency chip.

The invention also has as its object a procedure for sending and receiving encrypted multimedia content according to the independent claim of this procedure.

The invention will be better understood by reading the following description, given only by way of non-limiting example and made with reference to the drawings in which:

Fig. 1 is a schematic illustration of a system for sending and receiving multimedia content;

Fig. 2 is an illustration from above of a security processor used in the system of fig. one;

Fig. 3 is a partial and exploded view of the security processor of fig. 2;

Fig. 4 is a schematic illustration of different functional blocks integrated in the security processor of figs. 2 and 3;

Fig. 5 is an organization chart of a procedure for sending and receiving multimedia content with the help of a system of fig. one;

5

10

fifteen

twenty

25

30

35

40

Four. Five

Fig. 6 is a schematic illustration of another embodiment of a security processor usable in the system of fig. one;

Fig. 7 is a flow chart of a procedure for sending and receiving multimedia content using the security processor of fig. 6.

In these figures the same references are used to designate the same elements.

In the continuation of this description, the features and functions well known to those skilled in the art have not been described in detail. In addition, the terminology used is that of conditional access systems to multimedia content. For more information on this terminology, the reader can refer to the following document:

"Functional Model of Conditional Access System", EBU Review, Technical European Broadcasting Union, Brussels, BE, No. 266, December 21, 1995.

Fig. 1 represents a system 2 for sending and receiving encoded multimedia content. The broadcast multimedia contents are linear multimedia contents. For example, a multimedia content corresponds to a sequence of an audiovisual program such as a television broadcast or a movie.

The open multimedia contents are generated by one or several sources 4 and transmitted to a broadcast device 6. The device 6 disseminates the multimedia contents simultaneously to a multitude of reception terminals through an information transmission network 8. Broadcast multimedia content is temporarily synchronized with each other to, for example, respect a preset program grid.

The network 8 is typically a long distance information transmission network such as the Internet network or a satellite network or any other broadcast network such as that used for the transmission of digital terrestrial television (DTT).

To simplify fig. 1, only three terminals 10 to 12 of reception have been represented.

The device 6 comprises an encoder 16 that compresses the multimedia contents it receives. The encoder 16 deals with digital multimedia content. For example, this encoder works according to the MPEG2 standard (Moving Picture Expert Group - 2) or the ITU-T264 standard.

The compressed multimedia contents are directed to an input 20 of an encoder 22. The encoder 22 encodes each compressed multimedia content to condition its display to certain conditions such as the purchase of an access title, by the users of the reception terminals. The encoded multimedia contents are restored on an output 24 connected to the input of the multiplexer 26.

The encoder 22 encodes each compressed multimedia content with the help of a control word CWi, which is provided to it, as well as a conditional access system 28, by a key generator 32. The code i is an identifier of the channel on which the encrypted multimedia content is broadcast and the code t is an order number that identifies the cryptopenode encoded with this control word.

Typically, this encoding conforms to a standard such as DVB-CSA (Digital Video Broadcasting - Common Scrambling Algorithm), ISMA Cryp (Internet Streaming Media Alliance Cryp), SRTP (Secure Real-Time Transport Protocol), AES (Advanced Encryption) Standard), etc.

For each channel i, the system 28 generates ECMi messages, t (Entitlement Control Message), which contain at least the CW * i cryptogram, t of the control word CWi, t generated by the generator 32 and used by the encoder 22 to illustrate the cryptopenode t of channel i. These messages and the encoded multimedia contents are multiplexed by the multiplexer 26, the latter being respectively provided by the conditional access system 28 and by the encoder 22, before being transmitted over the network 8.

System 28 is best known under the acronym CAS (Conditional Access System).

The system 28 also inserts in each ECM:

- the CW * i, t and CW * i, t + 1 cryptograms of the control words CWit and CWi, t + 1 that allow decrypting the immediately consecutive cryptopendes t and t + 1 of channel i,

- CA access conditions intended to be compared with access titles acquired by the user, and

- a signature or MAC cryptographic redundancy that allows verifying the integrity of the ECM message.

The ECM message containing the pair of control words CWit / CWi, t + 1 is referenced ECMit in the continuation of the description where:

- the index i identifies the channel, and

5

10

fifteen

twenty

25

30

35

40

Four. Five

fifty

- the t-code is an order number that identifies the temporary position of this ECM message in relation to the other different ECM messages issued to decrypt channel i.

By way of illustration, here, the coding and multiplexing of multimedia content is in accordance with the DVB-Simulcrypt protocol (ETSI TS 103 197).

System 28 also generates EMM (Entitlement Control Message) messages. Generally, contrary to ECM messages, EMM messages are intended to carry information directed to a single terminal or to a limited group of terminals. For example, EMM messages are used to transmit access tags and a monthly exploitation key Km to a terminal. The monthly key is the key used to decrypt the CW * i, t and CWVi cryptograms. The access codes and the monthly key Km transmitted to the terminal are first encrypted with a secret management key Kt of the terminal and only the cryptograms thus obtained are incorporated into the EMM message. For this, the system 28 needs to know the secret data associated with this terminal such as its Kt key. For this purpose, the system 28 is connected to a better known access authorization system 34 under the acronym SAS (Subscriber Authorization System). The secret key Kt is different from one terminal to the other. Typically the secret key is recorded in a security processor inserted in this terminal.

This system 34 includes in particular a memory 36 in which a database 38 is recorded. The database 38 associates with each identifier of a terminal security processor, the secret data necessary to generate cryptograms that can be decrypted correctly.

In this example, terminals 10 to 12 are identical. Also, in the following, only terminal 10 has been described in more detail.

Terminal 10 decodes channel i to present it open on a presenter.

The terminal 10 comprises a receiver 70 of broadcast multimedia content. This receiver 70 is connected to the input of a demultiplexer 72 that transmits multimedia content on one side to a decoder 74 and on the other hand the ECMity EMM (Entitlement Management Message) messages to a security processor 76.

The decoder 74 decodes the encoded multimedia content from the control word transmitted by the processor 76. The decoded multimedia content is transmitted to a decoder 78 which decodes it. Unpacked or decoded multimedia content is transmitted to a graphics card 80 that pilots the presentation of this multimedia content on a presenter 82 equipped with a screen 84. The presenter 82 presents the multimedia content on screen 84 open. For example, the presenter 82 is a television, a computer or even a landline or mobile phone. Here, the presenter is a television.

Typically, the interface between terminal 10 and processor 76 comprises a reader 86 managed by an access control module 88. Aqrn reader 86 is a chip card reader. Module 88 manages in particular:

- the transmission of demultiplexed ECM and EMM messages to processor 76, and

- the reception of the control words deciphered by the processor 76 and its transmission to the decoder 74.

The processor 76 treats confidential information such as cryptographic keys. To preserve the confidentiality of this information, it is designed to be as robust as possible in the face of attempts at attacks carried out by hackers. It is therefore more robust against these attacks than the other components of terminal 10. Aqrn, processor 76 is a chip card.

The processor 76 is equipped with a nominal electronic chip 90 and with an emergency electronic chip 92. Each electronic chip comprises an electronic calculator and information storage means only accessible by the calculator. Typically, the information storage media of each chip comprises:

- a non-volatile read-only memory,

- a non-volatile rewritable memory, and

- a volatile memory.

Non-volatile read-only memory contains secret data necessary for decryption of control words. The non-volatile rewritable memory also contains configurable data such as access titles and monthly passwords Km. In fig. 1, the calculator, the information storage media, the non-volatile read-only memory, the rewritable non-volatile memory and the volatile memory of the chip 90 carry, respectively, references 94 to 98. These same elements carry, respectively, the references 100 to 104 for chip 92. Each calculator 94, 100 is a programmable electronic calculator suitable for executing recorded instructions on an information recording medium. For this purpose, non-volatile reading memories 96 and 102 only contain secret data such as instructions and secret keys necessary for the execution of the procedure of fig. 5 or 7. Aqrn, the secret data recorded in these memories 96 and 102 also include:

6

5

10

fifteen

twenty

25

30

35

40

Four. Five

- the code of an operating system;

- the code of the routines executed to handle the received ECM and EMM messages and decryption / encryption algorithms, and

- cryptographic keys.

More precisely and by way of illustration, the memory 96 also contains a secret key Kt1 and the executable code of an algorithm ALGO1 for decryption of the cryptograms of the control words. Memory 102 similarly contains a secret key Kt2 and the executable code of an algorithm ALGO2 for decryption of the cryptograms of the control words.

Under these conditions, database 38 associates in particular with each identifier of a security processor, such as processing 76, the secret keys Kt1 and Kt2 contained, respectively, in memories 96 and 102.

Figures 2 and 3 representatives in more detail the processor 76.

The processor 76 includes a clamping support 120. Here, the support 120 is a flat and substantially rectangular card arranged horizontally. Typically, the width and length of the support 120 are at least ten times greater than its thickness in the vertical direction. For example, the width of the card is less than 11 cm or 9 cm. The length of the card is less than 6 or 7 cm. The thickness of the support 120 is less than 5 or 2 mm. The support 120 has two vertical symmetry planes 122 and 124. In fig. 2, these planes 122 and 124 are represented by lines bearing the same references. These planes 122 and 124 are orthogonal between sf. The intersection of these planes defines a vertical axis O.

Typically, the support 120 is made of plastic. This support is for example conforming to ISO 7816-1.

The support 120 has an upper flat face 126, a lower flat face opposite to the face 126, a left edge 128 and a right edge 130. The edges 128 and 130 are connected to each other by lateral edges 132 and 134 parallel to each other.

An electronic chip 90, 92 is capable of being connected to the reader 86 by means of an electrical connector. Here, processor 76 includes two electrical connectors 140 and 142 to allow connection to reader 86, respectively, of chips 90 and 92. Aqrn these connectors 140 and 142 are in accordance with ISO 7816-2. Thereafter they include eight electrical contacts capable of cooperating with corresponding electrical contacts of the reader 86. These connectors allow the chips to be fed and to communicate with these chips.

The chips 90 and 92 are housed inside the support 120 so that only the electrical connectors 140 and 142 are accessible from the outside of this support. For this purpose, typically, the electronic chips are hidden in the thickness of the support 120. Here, the connectors 140 and 142 are flush on the upper face 126 of the support 120.

Each contact of connectors 140 and 142 is electrically permanently connected by a wire connection to a corresponding terminal of the electronic chip.

Each electronic chip is scrollable between:

- an inserted position in which the electrical connector to which it is connected is in electrical contact with the reader connector 86 to allow power and communication between this chip and terminal 10, and

- a position removed in which the electrical contact between connectors 140 and 142 and the reader is interrupted so that any communication between the chip and the terminal is disabled in this position.

Each chip is housed in a blind housing recessed from a face of the holder 120. Such blind housing 144 is represented for example in fig. 3. Here, the two blind housings that respectively receive the chips 90 and 92 are recessed from the upper face 126 of the support 120. In each blind housing, the electronic chip is fixed without any degree of freedom to the support with help, by for example, of glue 146. Here, the electrical connector 140 covers the electronic chip 90 so as to protect it from the outside.

In this embodiment, the two electrical connectors 140 and 142 are arranged on this upper face 126 so as to allow the replacement of chip 90 with chip 92 by a simple inversion of the support 120. For example here, connectors 140 and 142 they are arranged so that when the support 120 is rotated about the O axis 180 °, the connector 142 comes to take the place of the connector 140 and vice versa. This rotation operation of the support 120 to invert the positions of the electrical connectors is called "inversion".

Fig. 4 represents by way of illustration different functional blocks of the electronic chip 90. Here the chip 90 includes the following functional blocks:

- a manager 150 of the communication protocol between processor 76 and reader 86,

5

10

fifteen

twenty

25

30

35

40

Four. Five

- material devices 152 for protecting the electronic chip against attempts at cryptanalysis,

- a generator 154 of pseudo-random numbers,

- a cryptographic accelerator 156 formed in part by a wired logic that allows to accelerate the execution of the cryptographic algorithms,

- a central processing material unit 158, better known under the English acronym CPU (Central Processing Unit),

- a bus 160 linking the different material elements of chip 90 to each other,

- a module 162 for access control to information storage means 95.

The device 152 is for example a film that covers at least a part of the electronic chip and that releases an acid when it is perforated. Thus, if this film is perforated during a cryptanalysis attempt, then the acid will destroy the different sensitive components of chip 90 to render it unusable. The device 152 may also include a light intensity or voltage sensor to detect attacks in order of failures.

Chip 92 is identical to chip 90 unless:

- at least part of the secret data recorded in memory 102 is different from the secret data recorded in memory 96, and

- preferably, chip 92 is materially made differently from chip 90.

For example, aqrn, the secret keys Kt1 and Kt2 and the algorithms ALGO1 and ALGO2 recorded, respectively, in memories 96 and 102 are different. In addition, here, chips 90 and 92 are manufactured by different manufacturers so that they present material differences in relation to each other. For example, chip 92 includes material protection devices other than those of chip 90. Aqrn, the code of the operating system recorded in memory 96 is different from that recorded in memory 102, as well as the codes of routines used for treat ECM and EMM messages.

Finally, chip 92 is programmed to start handling ECM and EMM messages only after receiving an activation instruction. Before receiving this activation description, the emergency chip is in the deactivated state. In this deactivated state, chip 92 performs only the following operations:

- responds to stressing, and

- compares the values of the bits in predetermined positions in the ECM or EMM messages received in an activation ticket recorded in memory 102. If the value of the bits received corresponds to this activation ticket, then chip 92 considers that it has just Receive activation instruction. In response it goes into an activated state.

In the activated state, chip 92 performs the same functions as chip 90 and, in particular, deals with the ECM and EMM messages to decipher the control words.

The operation of the system 2 will be described in more detail below with reference to the procedure of fig. 5 in the particular case of terminal 10. The operation of the other terminals is deducted from that described for terminal 10.

Initially, during a step 198, the processing 76 is supplied to the holder of the terminal 10. Thereafter, chip 90 is in the inserted position and chip 92 is in the deactivated state.

During a step 200, the control words used to encode the broadcast multimedia content are encrypted with the algorithm ALGO1 and with the help of a monthly key Km1. The monthly key Km1 is in turn encrypted with the help of the Kt1 keys of each terminal. The cryptogram of the Km1 asf key obtained is previously transmitted to each of these terminals by means of an EMM message.

Then, during a step of 202, the encrypted multimedia content is multiplexed with the ECM and EMM messages to be transmitted to the terminals and then broadcast to each of these terminals via the network 8.

During a step 204, each terminal receives the asf multiplex and disseminates it. The ECM and EMM messages extracted from this multiplex are then transmitted by terminal 10 to processor 76.

During a step 206, chip 90 compares access rights contained in the ECM message received with access tags recorded in memory 97. If the access tags correspond to the access rights received, then chip 90 decrypts the CW * cryptograms. i, t contained in the ECM message received with the help of the ALGO1 algorithm and the monthly key Km1. Then, the decoded control word asf is transmitted to terminal 10 by means of reader 86.

5

10

fifteen

twenty

25

30

35

40

Four. Five

In response, during a step 208, the terminal 10 decodes the multimedia content with the help of the control word deciphered by the chip 90 and then presents in open the multimedia content asf decrypted on the screen 84.

Stages 200 to 208 are repeated as long as the security of chip 90 has not been compromised.

When chip 90 has been the victim of a successful cryptanalysis attempt, during a step 210, the operator of system 2 asks its subscribers to proceed with the investment of their respective security processors on a given date. Thereafter, the emergency chip is in the position inserted in the reader 86.

On this determined date, during a step 212, the device 6 broadcasts to the set of terminals an ECM message containing the activation instruction of the emergency chip.

During a step 214, chip 92 compares the activation instruction contained in the ECM message received with the activation ticket contained in its memory 102. If the activation instruction does not correspond to the activation ticket, then chip 92 remains in the state disabled. Otherwise, it swings to the activated state during a step 216.

In parallel, during step 217, the device 6 sends, by means of EMM messages, the set of subscriber access titles of the terminal 10 so that they are stored in the chip 92.

As of the determined date, successive stages 218, 220, 222, 224 and 226 are identified, respectively, to stages 200, 202, 204, 206 and 208 unless:

- during step 218, it is the algorithm ALGO2 and the personal keys Kt2 stored in memory 102 that are used, and

- during step 224, it is chip 92 that deals with the ECM and EMM messages received and no longer chip 90.

During step 224, the ALGO2 algorithm is used instead of the ALGO1 algorithm to decipher the control word.

Fig. 6 represents another embodiment of a security processor 228 capable of being used in the system of fig. 1. This processor 228 is identical to processor 76 except that:

- the connector 142 is omitted,

- chips 90, 92 are replaced by chips 230, 231, and

- a controller 232 is interposed between the chips 230, 231 and the electrical connector 140.

Thus, in this embodiment, the electrical connector 140 is common to the chips 230 and 231. The connector 140 includes eight electrical contacts 234 to 241 capable of coming into electrical contact with corresponding contacts of the reader 86 to establish communication between this processor 230 and reader 86. These eight contacts 234 to 241 are permanently connected by means of wire connections to eight corresponding inputs of the designated controller 232. These eight entries are collectively designated by reference 242.

Controller 232 also includes:

- eight outputs 244 permanently connected, respectively, to eight corresponding terminals 246 of the chip

230, and

- eight outputs 248 permanently connected, respectively, to eight corresponding terminals 250 of the chip

231.

In fig. 6, outputs 244 and 248 as well as terminals 246 and 250 are represented by a single point to simplify this illustration. For the same reasons, the electrical junctions between outputs 244 and 248 and terminals 246 and 250 have been represented simply by a double arrow.

The 232 controller scales between:

- a nominal position in which it connects only the eight inputs 242 to the eight outputs 244 to connect the chip 230 to the contacts of the connector 140, and

- an emergency position in which only the eight inputs 242 are electrically connected to the eight outputs 248 to connect the chip 92 to the contacts of the connector 140.

The controller 232 also includes a tilt control input 252 between the nominal position and the emergency position. The input 252 is here permanently connected to the ground contact 241 of the connector 140 by means of an irreversible switch 254. The switch 254 is only movable once:

5

10

fifteen

twenty

25

30

35

40

Four. Five

fifty

- from an initial position, here the closed position, in which electrically connects input 252 to contact 241, towards

- a final position, here the open position, in which the input 252 of this contact 241 is electrically isolated.

For example, switch 254 is a fuse capable of blowing in response to an order of chip 230. For this purpose, a wire connection 256 connects a control terminal of switch 254 to chip 230.

Chip 230 is identical to chip 90 except that it is programmed to send the tilt of controller 232 from its nominal position to its emergency position in response to the receipt of an activation instruction transmitted in an ECM message by the device 6. To therefore, chip 230 commands the opening of switch 254. In response, controller 232 swings from its nominal position to its emergency position. Thus, only chip 230 is capable of ordering the tipping of controller 232. Preferably, the activation instruction is encrypted with a key such as the monthly key Km1.

Chip 231 is identical to chip 92 except that it does not include code capable of treating the activation instruction as described in the case of chip 92.

The operation of the system 2, when it is equipped with the processor 228, will be described below with reference to the procedure of fig. 7.

This procedure begins at the same stages 198 to 208 as the preceding ones. At the exit of step 208, in case of successful cryptanalysis of chip 230, the procedure proceeds directly to step 212 without going through step 210. In fact, in this embodiment, it is no longer necessary to reverse the processor of security to move chip 231 to its inserted position.

Next, we proceed to a stage 280 and identify stage 214 except that the activation instruction of the emergency chip is first deciphered with the monthly key Km1 before being compared with the activation ticket.

In the case where the activation instruction corresponds to the activation ticket, during a step 282, the chip 230 orders the opening of the switch 254. For example, the chip 230 blows the fuse by means of the union by means of wires 256.

In response, during a step 284, the controller 232 swings from its nominal position to its emergency position. From this moment, the chip 231 is activated and can handle the ECM and EMM messages received by means of the connector 140. Conversely, the chip 230 is definitively deactivated since the reverse tilt, that is from the emergency position towards The nominal position is prohibited by switch 254.

In parallel of steps 280 to 284, steps 286, 288, 290, 292, 294 and 296 respectively are carried out, identical to steps 217, 218, 220, 222, 224 and 226 of the procedure of fig. 5.

Numerous other embodiments are possible. For example, the apprehension support may have other shapes. For example, in a variant, the apprehension support can take the form of a USB (Universal Serial Bus) key. In this case, the electrical connectors are electrical collectors conforming to the USB standard.

In the case where the processor includes an electrical connector for each chip, these electrical connectors may be arranged in locations other than those shown in fig. 2. For example, one electrical connector can be found on the upper face while the other is on the lower face. In this case, the reversal of the security processor consists in making a 180 ° rotation around a horizontal rotation axis.

The number of electrical connectors and the number of chips housed in the holder 120 may be greater than two. For example, it is comprised between two and four electrical connectors and therefore two and four chips.

Similarly, in the embodiment of fig. 6, processor 228 may include more than two electronic chips. In this case, deactivating the chip in the activated state will automatically activate a next chip. For example, the same mechanism as described to activate chip 231 is used to activate the next chip.

The emergency chip can also be activated in response to an activation instruction contained in an EMM message. The activation of the emergency chip, in another embodiment, is carried out by tele-loading a part of the code of this type from a received EMM message.

What has been described above in the case of a system for sending and receiving linear multimedia content also applies to a system for sending and receiving non-linear multimedia content such as a video on demand system ("Video On Demand" in English).

Claims (6)

5 10 fifteen twenty 25 30 35 40 Four. Five fifty 1. System for sending and receiving encrypted multimedia content, including this system: - a device (6) for the dissemination of a first encoded multimedia content and then a second encoded multimedia content, the device being able to filter and disseminate the content of a first ECM (Entitlement Control Message) or EMM (Entitlement Management Message) message ) necessary to decode the first multimedia content according to a first cryptographic procedure, using a first cryptographic key and a first cryptographic algorithm, and to encrypt and disseminate the content of a second ECM or EMM message necessary to decode the second multimedia content according to a second cryptographic procedure, using a second cryptographic key and a second cryptographic algorithm, different from the first cryptographic procedure, - terminals (10-12) suitable for receiving the first and second encoded multimedia content and the first and second ECM or EMM messages, - at least one removable safety processor (228) equipped: - of a support (120) for apprehension, - of a nominal electronic chip (230) capable of handling the first ECM or EMM message received by the terminal, this nominal electronic chip being housed without any degree of freedom inside the clamping support, and - from at least one emergency electronic chip (231) to everything to replace the nominal chip to handle the second ECM or EMM message received by the terminal (10), the emergency chip (231) being housed, without any degree of freedom , inside the same clamping support as the nominal chip (230), - each electronic chip including an electronic calculator (94, 100) and a non-volatile read-only memory (96, 102) only accessible by this calculator and each electronic chip being reversibly displaceable, by displacement of the security processor, between a inserted position in which the chip is able to communicate with the terminal to receive the ECM and EMM messages to be treated and a withdrawn position in which communication between the chip and the terminal is impossible, containing the non-volatile read-only memory of the nominal chip first secret data necessary to decrypt the content of the first ECM or EMM encrypted message according to the first cryptographic procedure, in which the non-volatile read-only memory of the nominal chip is devoid of second secret data necessary to decrypt the content of the second message ECM or EMM encryption according to the second cryptographic procedure and the read-only memory (102) of the emergency chip includes the second secret data, and the security processor includes: - an electrical connector (140) that includes electrical contacts (234-241) capable of coming into contact with corresponding electrical contacts of the terminal in the inserted position to establish an electrical connection between one of the electronic chips and the terminal, and - a controller (232) that can be sent suitable for tilting from a nominal position in which the electrical contacts of the electrical connector (140) are electrically connected to corresponding terminals (246) of the nominal chip to an emergency position in which it connects these same electrical contacts to corresponding terminals (250) of the emergency chip, - at least one irreversible switch (254) capable of tilting only once from an initial position, in which it permanently maintains the controller (232) in its nominal position, towards a final position in which the controller tilts towards its emergency position, the nominal chip being programmed to send the irreversible switch toggle in response to the reception of an activation instruction. 2. Removable security processor as described in claim 1. 3. Processor according to claim 2, wherein only the nominal chip (230) is capable of sending the tilt of the controller (232) from the nominal position to the emergency position. 4. Processor according to claim 3, wherein the nominal chip (230) is programmed to send the tilt of the controller (232) from the nominal position to its emergency position only in response to an activation instruction contained in an ECM message or EMM received. 5. Processor according to any one of claims 2 to 4, wherein the clamping support (120) is a card whose length and width are at least ten times greater than its thickness. 5 10 fifteen twenty 25 30 35 40 6. Procedure for sending and receiving encrypted multimedia content, including this procedure: - the dissemination (202, 290) of a first encoded multimedia content and then a second encoded multimedia content, - the encryption (200, 288) of the content of a first ECM or EMM message necessary to decode the first multimedia content according to a first cryptographic procedure, using a first cryptographic key and a first cryptographic algorithm, and the encryption of the content of a second message ECM or EMM necessary to decode the second multimedia content according to a second cryptographic procedure, using a second cryptographic key and a second cryptographic algorithm, different from the first cryptographic procedure, - the reception (204, 292) by terminals of the first and second encoded multimedia contents and the first and second ECM and EMM messages, - the supply (198) of at least one removable safety processor equipped: - of an apprehension support, - of a nominal electronic chip capable of handling the first ECM or EMM message received by the terminal, this nominal electronic chip being housed without any degree of freedom inside the clamping support, and - of at least one emergency electronic chip capable of replacing the nominal chip to handle the second ECM or EMM message received by the terminal, the emergency chip being housed, without any degree of freedom, in the same clamp holder as the chip nominal so that the supply of the security processor and emergency chip does not form more than a single stage, - each electronic chip including an electronic calculator and a non-volatile read-only memory only accessible by this calculator and each electronic chip being reversibly displaceable, by displacement of the security processor, between an inserted position in which the chip is suitable for communicate with the terminal to receive the ECM and EMM messages to be processed and a withdrawn position in which communication between the chip and the terminal is impossible, containing the non-volatile read-only memory of the nominal chip first secret data necessary to decipher the content of the first ECM or EMM message encrypted according to the first cryptographic procedure, wherein the supply (198) consists in providing a security processor in which the non-volatile read-only memory of the nominal type is devoid of second secret data necessary to decrypt the content of the second encrypted ECM or EMM message according to the second procedure and the read-only memory of the emergency chip includes the second secret data, and in which this security processor includes: - an electrical connector (140) that includes electrical contacts (234-241) capable of coming into contact with corresponding electrical contacts of the terminal in the inserted position to establish an electrical connection between one of the electronic chips and the terminal, and - a controller (232) that can be sent suitable for tilting from a nominal position in which the electrical contacts of the electrical connector (140) are electrically connected to corresponding terminals (246) of the nominal chip to an emergency position in which it connects these same electrical contacts to corresponding terminals (250) of the emergency chip, - at least one irreversible switch (254) capable of tilting only once from an initial position, in which it permanently maintains the controller (232) in its nominal position, towards a final position in which the controller tilts towards its emergency position, the nominal chip being programmed to send the irreversible switch toggle in response to the reception of an activation instruction.